
CVE-2017-3731 – Truncated packet could crash via OOB read
https://notcve.org/view.php?id=CVE-2017-3731
26 Jan 2017 — If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. • http://rhn.redhat.com/errata/RHSA-2017-0286.html • CWE-125: Out-of-bounds Read •

CVE-2016-7053 – CMS Null dereference
https://notcve.org/view.php?id=CVE-2016-7053
10 Nov 2016 — In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback that does not handle a NULL value are affected. • http://www.securityfocus.com/bid/94244 • CWE-476: NULL Pointer Dereference •

CVE-2016-7055 – openssl: Carry propagating bug in Montgomery multiplication
https://notcve.org/view.php?id=CVE-2016-7055
10 Nov 2016 — There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiat... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-682: Incorrect Calculation •

CVE-2016-7054 – ChaCha20/Poly1305 heap-buffer-overflow
https://notcve.org/view.php?id=CVE-2016-7054
10 Nov 2016 — In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. • https://www.exploit-db.com/exploits/40899 • CWE-284: Improper Access Control •

CVE-2016-6309
https://notcve.org/view.php?id=CVE-2016-6309
26 Sep 2016 — statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-416: Use After Free •

CVE-2016-7052 – Gentoo Linux Security Advisory 201612-16
https://notcve.org/view.php?id=CVE-2016-7052
26 Sep 2016 — crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. Versions less t... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-476: NULL Pointer Dereference •

CVE-2016-6307 – OpenSSL Security Advisory 20160922
https://notcve.org/view.php?id=CVE-2016-6307
22 Sep 2016 — The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-400: Uncontrolled Resource Consumption •

CVE-2016-6308 – OpenSSL Security Advisory 20160922
https://notcve.org/view.php?id=CVE-2016-6308
22 Sep 2016 — statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-399: Resource Management Errors •

CVE-2016-6304 – openssl: OCSP Status Request extension unbounded memory growth
https://notcve.org/view.php?id=CVE-2016-6304
22 Sep 2016 — Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. • https://packetstorm.news/files/id/139091 • CWE-400: Uncontrolled Resource Consumption • CWE-401: Missing Release of Memory after Effective Lifetime •

CVE-2016-6305 – OpenSSL Security Advisory 20160922
https://notcve.org/view.php?id=CVE-2016-6305
22 Sep 2016 — The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. A malicious client can send an excessively large O... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-20: Improper Input Validation •